< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate-users] Authorization by Proxy to Gateway - B2BUA

FYI - there are 2 B2BUA projects base on resip.  Unfortunately I haven't really played with either of them much to know if they are appropriate for you, nor do I know the state of these projects:


On Tue, Mar 27, 2018 at 5:11 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
It is possible to create a B2BUA using resiprocate/dum, but I don't think starting with repro makes much sense, since there is no management of session / dialog state, which you will need.  This will not be a trivial implementation.


On Tue, Mar 27, 2018 at 5:01 PM, Roman Rybalko via resiprocate-users <resiprocate-users@resiprocate.org> wrote:
resiprocate-users mailing list
List Archive: http://list.resiprocate.org/archive/resiprocate-users/

---------- Forwarded message ----------
From: Roman Rybalko <resiprocate@xxxxxxxxxxx>
To: "resiprocate-users@resiprocate.org" <resiprocate-users@resiprocate.org>
Date: Wed, 28 Mar 2018 00:01:04 +0300
Subject: Re: [reSIProcate-users] Authorization by Proxy to Gateway - B2BUA

Is is possible to build B2BUA on top of repro?

I guess if I make a plugin that rewrites request/response headers according to my call logic and maintains the state then repro may act as a b2bua. But I'm not sure whether it will possible to maintain the Client and Gateway transactions separate enough by rewriting request/response headers only.

The idea is to to fix To, From headers and the Request-URI, allowing other headers pass through. Will it be enough for proxy to act as a b2bua?

Roman Rybalko
From: Scott Godin
Sent: Tuesday, March 27, 2018 9:38PM +0300
To: Roman Rybalko
Cc: Resiprocate-users
Subject: Re: [reSIProcate-users] Authorization by Proxy to Gateway

A proxy is not supposed to modify headers, it is supposed to only add headers involved in routing (ie: Via, Route and/or Record-Route headers).  It might also remove some headers to (ie: Identity headers) when forwarding outside of it's domain.  I suggest a good read through the proxy behaviour sections in RFC3261.  You might be able to add the Authentication headers, but you will definitely run into trouble, if you start trying to change the To and/or From headers.  If you need to modify key headers like To/From then you must write a B2BUA instead.

FYI the challenge realm/domain will be in the 407/401 response.  You could use this to find the correct user.